feat(mastodon): add ansible role for deployment
This commit is contained in:
parent
1fe954197f
commit
327943d96a
80
roles/mastodon/defaults/main.yml
Normal file
80
roles/mastodon/defaults/main.yml
Normal file
@ -0,0 +1,80 @@
|
||||
---
|
||||
|
||||
mastodon_user: mastodon
|
||||
mastodon_base_path: /opt/mastodon
|
||||
mastodon_domain: ~
|
||||
mastodon_version: 3.5.1
|
||||
mastodon_git_upstream_url: "https://github.com/mastodon/mastodon.git"
|
||||
|
||||
mastodon_data_path: "{{ mastodon_base_path }}/data"
|
||||
mastodon_repo_path: "{{ mastodon_base_path }}/src"
|
||||
mastodon_config_path: "{{ mastodon_base_path }}/config"
|
||||
mastodon_config_env_file: "{{ mastodon_config_path }}/env.production"
|
||||
|
||||
mastodon_container_name: mastodon
|
||||
mastodon_container_name_sidekiq: "{{ mastodon_container_name }}_sidekiq"
|
||||
mastodon_container_name_streaming: "{{ mastodon_container_name }}_streaming"
|
||||
mastodon_container_image_name: "tootsuite/mastodon"
|
||||
mastodon_container_image_tag: "v{{ mastodon_version }}"
|
||||
mastodon_container_image_ref: "{{ mastodon_container_image_name }}:{{ mastodon_container_image_tag }}"
|
||||
mastodon_container_networks:
|
||||
- name: "{{ mastodon_container_network_name }}"
|
||||
|
||||
mastodon_container_base_volumes_streaming: []
|
||||
mastodon_container_extra_volumes_streaming: "{{ mastodon_container_extra_volumes }}"
|
||||
mastodon_container_volumes_streaming: >-
|
||||
{{ mastodon_container_base_volumes_streaming + mastodon_container_extra_volumes_streaming }}
|
||||
|
||||
mastodon_container_base_volumes_sidekiq:
|
||||
- "{{ mastodon_repo_path }}/public/system:/mastodon/public/system:ro"
|
||||
mastodon_container_extra_volumes_sidekiq: "{{ mastodon_container_extra_volumes }}"
|
||||
mastodon_container_volumes_sidekiq: >-
|
||||
{{ mastodon_container_base_volumes_sidekiq + mastodon_container_extra_volumes_sidekiq }}
|
||||
|
||||
mastodon_container_base_volumes:
|
||||
- "{{ mastodon_repo_path }}/public/system:/mastodon/public/system:z"
|
||||
mastodon_container_extra_volumes: []
|
||||
mastodon_container_volumes: >-
|
||||
{{ mastodon_container_base_volumes + mastodon_container_extra_volumes }}
|
||||
|
||||
mastodon_container_ports_streaming:
|
||||
- "127.0.0.1:4000:4000"
|
||||
mastodon_container_ports:
|
||||
- "127.0.0.1:3000:3000"
|
||||
mastodon_container_restart_policy: unless-stopped
|
||||
|
||||
mastodon_container_network_name: mastodon
|
||||
|
||||
mastodon_secret_key: ~
|
||||
mastodon_otp_secret: ~
|
||||
mastodon_vapid_public_key: ~
|
||||
mastodon_vapid_private_key: ~
|
||||
|
||||
mastodon_redis_host: ~
|
||||
mastodon_redis_port: ~
|
||||
mastodon_redis_password: ~
|
||||
mastodon_redis_db_index: ~
|
||||
|
||||
mastodon_database_host: localhost
|
||||
mastodon_database_port: 5432
|
||||
mastodon_database_user: mastodon
|
||||
mastodon_database_pass: ~
|
||||
mastodon_database_name: mastodon
|
||||
|
||||
mastodon_mail_server: ~
|
||||
mastodon_mail_port: 587
|
||||
mastodon_mail_user: ~
|
||||
mastodon_mail_password: ~
|
||||
mastodon_mail_from_address: "notifications@{{ mastodon_domain }}"
|
||||
|
||||
mastodon_elasticsearch_enabled: false
|
||||
mastodon_elasticsearch_host: ~
|
||||
mastodon_elasticsearch_port: ~
|
||||
mastodon_elasticsearch_user: ~
|
||||
mastodon_elasticsearch_pass: ~
|
||||
|
||||
mastodon_s3_enabled: false
|
||||
mastodon_s3_bucket: ~
|
||||
mastodon_s3_aws_access_key_id: ~
|
||||
mastodon_s3_aws_secret_access_key: ~
|
||||
mastodon_s3_alias_host: ~
|
26
roles/mastodon/handlers/main.yml
Normal file
26
roles/mastodon/handlers/main.yml
Normal file
@ -0,0 +1,26 @@
|
||||
---
|
||||
|
||||
- name: Restart mastodon sidekiq
|
||||
docker_container:
|
||||
name: "{{ mastodon_container_name_sidekiq }}"
|
||||
state: started
|
||||
restart: true
|
||||
listen:
|
||||
- restart-mastodon
|
||||
- restart-mastodon-sidekiq
|
||||
|
||||
- name: Restart mastodon streaming
|
||||
docker_container:
|
||||
name: "{{ mastodon_container_name_streaming }}"
|
||||
state: started
|
||||
restart: true
|
||||
listen:
|
||||
- restart-mastodon
|
||||
- restart-mastodon-streaming
|
||||
|
||||
- name: Restart mastodon web
|
||||
docker_container:
|
||||
name: "{{ mastodon_container_name }}"
|
||||
state: started
|
||||
restart: true
|
||||
listen: restart-mastodon
|
125
roles/mastodon/tasks/main.yml
Normal file
125
roles/mastodon/tasks/main.yml
Normal file
@ -0,0 +1,125 @@
|
||||
---
|
||||
|
||||
- name: Ensure mastodon user '{{ mastodon_user }}' exists
|
||||
user:
|
||||
name: "{{ mastodon_user }}"
|
||||
state: present
|
||||
system: true
|
||||
register: mastodon_user_info
|
||||
|
||||
- name: Ensure host directories are present
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
owner: "{{ item.owner | default(mastodon_user) }}"
|
||||
group: "{{ item.group | default(mastodon_user) }}"
|
||||
mode: "{{ item.mode | default('0750') }}"
|
||||
loop:
|
||||
- path: "{{ mastodon_base_path }}"
|
||||
mode: '0755'
|
||||
- path: "{{ mastodon_config_path }}"
|
||||
- path: "{{ mastodon_data_path }}"
|
||||
- path: "{{ mastodon_repo_path }}"
|
||||
mode: '0700'
|
||||
loop_control: { label: "{{ item.path }}" }
|
||||
|
||||
- name: Ensure environment file is templated
|
||||
template:
|
||||
src: env.j2
|
||||
dest: "{{ mastodon_config_env_file }}"
|
||||
owner: "{{ mastodon_user_info.uid | default(mastodon_user) }}"
|
||||
group: "{{ mastodon_user_info.group | default(mastodon_user) }}"
|
||||
mode: "0640"
|
||||
notify: restart-mastodon
|
||||
|
||||
- name: Ensure mastodon git repository is present and up-to-date
|
||||
git:
|
||||
repo: "{{ mastodon_git_upstream_url }}"
|
||||
dest: "{{ mastodon_repo_path }}"
|
||||
refspec: "v{{ mastodon_version }}"
|
||||
version: "v{{ mastodon_version }}"
|
||||
force: no
|
||||
recursive: yes
|
||||
track_submodules: yes
|
||||
register: git_repo_info
|
||||
|
||||
- name: Ensure docker network for backend communication is created
|
||||
docker_network:
|
||||
name: "{{ mastodon_container_network_name }}"
|
||||
state: present
|
||||
|
||||
- name: Ensure mastodon docker image is built
|
||||
docker_image:
|
||||
name: "{{ mastodon_container_image_name }}"
|
||||
tag: "{{ mastodon_container_image_tag }}"
|
||||
state: present
|
||||
source: build
|
||||
build:
|
||||
path: "{{ mastodon_repo_path }}"
|
||||
args:
|
||||
UID: "{{ mastodon_user_info.uid }}"
|
||||
GID: "{{ mastodon_user_info.group }}"
|
||||
when: git_repo_info.before != git_repo_info.after
|
||||
|
||||
- name: Ensure database is seeded
|
||||
docker_container:
|
||||
name: "{{ mastodon_container_name }}_setup_db"
|
||||
image: "{{ mastodon_container_image_ref }}"
|
||||
networks: "{{ mastodon_container_networks }}"
|
||||
volumes: "{{ mastodon_container_volumes }}"
|
||||
env_file: "{{ mastodon_config_env_file }}"
|
||||
command: "bash -c \"bundle exec rails db:setup\""
|
||||
tty: yes
|
||||
interactive: yes
|
||||
detach: no
|
||||
cleanup: yes
|
||||
|
||||
- name: Ensure mastodon sidekiq container '{{ mastodon_container_name_sidekiq }}' is running
|
||||
docker_container:
|
||||
name: "{{ mastodon_container_name_sidekiq }}"
|
||||
image: "{{ mastodon_container_image_ref }}"
|
||||
networks: "{{ mastodon_container_networks }}"
|
||||
volumes: "{{ mastodon_container_volumes_sidekiq }}"
|
||||
env_file: "{{ mastodon_config_env_file }}"
|
||||
command: "bundle exec sidekiq"
|
||||
restart_policy: "{{ mastodon_container_restart_policy }}"
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||
interval: 5s
|
||||
retries: 3
|
||||
start_period: 0s
|
||||
timeout: 5s
|
||||
|
||||
- name: Ensure mastodon streaming container '{{ mastodon_container_name_streaming }}' is running
|
||||
docker_container:
|
||||
name: "{{ mastodon_container_name_streaming }}"
|
||||
image: "{{ mastodon_container_image_ref }}"
|
||||
networks: "{{ mastodon_container_networks }}"
|
||||
volumes: "{{ mastodon_container_volumes_streaming }}"
|
||||
env_file: "{{ mastodon_config_env_file }}"
|
||||
command: "node ./streaming"
|
||||
restart_policy: "{{ mastodon_container_restart_policy }}"
|
||||
ports: "{{ mastodon_container_ports_streaming }}"
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
|
||||
interval: 5s
|
||||
retries: 3
|
||||
start_period: 0s
|
||||
timeout: 5s
|
||||
|
||||
- name: Ensure mastodon container '{{ mastodon_container_name }}' is running
|
||||
docker_container:
|
||||
name: "{{ mastodon_container_name }}"
|
||||
image: "{{ mastodon_container_image_ref }}"
|
||||
networks: "{{ mastodon_container_networks }}"
|
||||
volumes: "{{ mastodon_container_volumes }}"
|
||||
env_file: "{{ mastodon_config_env_file }}"
|
||||
command: "bash -c \"rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000\""
|
||||
restart_policy: "{{ mastodon_container_restart_policy }}"
|
||||
ports: "{{ mastodon_container_ports }}"
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
|
||||
interval: 5s
|
||||
retries: 3
|
||||
start_period: 0s
|
||||
timeout: 5s
|
76
roles/mastodon/templates/env.j2
Normal file
76
roles/mastodon/templates/env.j2
Normal file
@ -0,0 +1,76 @@
|
||||
# This is a sample configuration file. You can generate your configuration
|
||||
# with the `rake mastodon:setup` interactive setup wizard, but to customize
|
||||
# your setup even further, you'll need to edit it manually. This sample does
|
||||
# not demonstrate all available configuration options. Please look at
|
||||
# https://docs.joinmastodon.org/admin/config/ for the full documentation.
|
||||
|
||||
# Note that this file accepts slightly different syntax depending on whether
|
||||
# you are using `docker-compose` or not. In particular, if you use
|
||||
# `docker-compose`, the value of each declared variable will be taken verbatim,
|
||||
# including surrounding quotes.
|
||||
# See: https://github.com/mastodon/mastodon/issues/16895
|
||||
|
||||
# Federation
|
||||
# ----------
|
||||
# This identifies your server and cannot be changed safely later
|
||||
# ----------
|
||||
LOCAL_DOMAIN={{ mastodon_domain }}
|
||||
|
||||
# Redis
|
||||
# -----
|
||||
REDIS_HOST={{ mastodon_redis_host }}
|
||||
REDIS_PORT={{ mastodon_redis_port }}
|
||||
{% if mastodon_redis_password %}
|
||||
REDIS_PASSWORD={{ mastodon_redis_password }}
|
||||
{% endif %}
|
||||
{% if mastodon_redis_db_index %}
|
||||
REDIS_PASSWORD={{ mastodon_redis_db_index }}
|
||||
{% endif %}
|
||||
|
||||
# PostgreSQL
|
||||
# ----------
|
||||
DB_HOST={{ mastodon_database_host }}
|
||||
DB_USER={{ mastodon_database_user }}
|
||||
DB_NAME={{ mastodon_database_name }}
|
||||
DB_PASS={{ mastodon_database_pass }}
|
||||
DB_PORT={{ mastodon_database_port }}
|
||||
|
||||
# Elasticsearch (optional)
|
||||
# ------------------------
|
||||
ES_ENABLED={{ mastodon_elasticsearch_enabled }}
|
||||
ES_HOST={{ mastodon_elasticsearch_host }}
|
||||
ES_PORT={{ mastodon_elasticsearch_port }}
|
||||
# Authentication for ES (optional)
|
||||
ES_USER={{ mastodon_elasticsearch_user }}
|
||||
ES_PASS={{ mastodon_elasticsearch_pass }}
|
||||
|
||||
# Secrets
|
||||
# -------
|
||||
# Make sure to use `rake secret` to generate secrets
|
||||
# -------
|
||||
SECRET_KEY_BASE={{ mastodon_secret_key }}
|
||||
OTP_SECRET={{ mastodon_otp_secret }}
|
||||
|
||||
# Web Push
|
||||
# --------
|
||||
# Generate with `rake mastodon:webpush:generate_vapid_key`
|
||||
# --------
|
||||
VAPID_PRIVATE_KEY={{ mastodon_vapid_private_key }}
|
||||
VAPID_PUBLIC_KEY={{ mastodon_vapid_public_key }}
|
||||
|
||||
# Sending mail
|
||||
# ------------
|
||||
SMTP_SERVER={{ mastodon_mail_server }}
|
||||
SMTP_PORT={{ mastodon_mail_port }}
|
||||
SMTP_LOGIN={{ mastodon_mail_user }}
|
||||
SMTP_PASSWORD={{ mastodon_mail_password }}
|
||||
SMTP_FROM_ADDRESS={{ mastodon_mail_from_address }}
|
||||
|
||||
# File storage (optional)
|
||||
# -----------------------
|
||||
S3_ENABLED={{ mastodon_s3_enabled }}
|
||||
S3_BUCKET={{ mastodon_s3_bucket }}
|
||||
AWS_ACCESS_KEY_ID={{ mastodon_s3_aws_access_key_id }}
|
||||
AWS_SECRET_ACCESS_KEY={{ mastodon_s3_aws_secret_access_key }}
|
||||
S3_ALIAS_HOST={{ mastodon_s3_alias_host }}
|
||||
|
0
roles/mastodon/vars/main.yml
Normal file
0
roles/mastodon/vars/main.yml
Normal file
Loading…
x
Reference in New Issue
Block a user